From 6953375cdcfe76137bd229b30d033c8fd532d487 Mon Sep 17 00:00:00 2001 From: Shwetha Umashanker <32020525+shwethaumashanker@users.noreply.github.com> Date: Thu, 23 Nov 2023 03:23:57 -0500 Subject: [PATCH] Updates for Granted v0.20.0 (#301) --- docs/granted/configuration.md | 4 ++++ docs/granted/recipes/credential-process.md | 2 +- docs/granted/recipes/inline-role-assumption.md | 15 +++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 docs/granted/recipes/inline-role-assumption.md diff --git a/docs/granted/configuration.md b/docs/granted/configuration.md index 1640fd9..fb33166 100644 --- a/docs/granted/configuration.md +++ b/docs/granted/configuration.md @@ -24,6 +24,10 @@ The configuration settings for Granted are stored within the `$HOME/.granted` fo - **Usage Tips and Credential Caching**: The `DisableUsageTips` option, when set to true, suppresses usage tips. The `DisableCredentialProcessCache` option, when set to true, prevents credential caching via credential processes. +- **Export All Environment Variables**: The `DefaultExportAllEnvVar=true` configuration exports all environment variables by default when the `credential_process` is used. + +- **Export Credentials To AWS**: The `ExportCredsToAWS=true` configuration will enable credentials to be exported to `~/.aws/credentials` by default. + To configure any of these options, you can use the following command: ``` diff --git a/docs/granted/recipes/credential-process.md b/docs/granted/recipes/credential-process.md index 4caffbf..57d8f40 100644 --- a/docs/granted/recipes/credential-process.md +++ b/docs/granted/recipes/credential-process.md @@ -56,4 +56,4 @@ Additionally, if you would like to use Glide for turn-key access requests, we su ## Assuming roles with Credential Process -When assuming roles via the credential process, we have improved the process by introducing automatic credential renewal. By default, only the `AWS_PROFILE` environment variable is exported when you run `assume `. If you wish to export all variables, you can do so by using the `--export-all-env-vars` flag when executing the assume command. +When assuming roles via the credential process, we have improved the process by introducing automatic credential renewal. By default, only the `AWS_PROFILE` environment variable is exported when you run `assume `. If you wish to export all variables, you can do so by using the `--export-all-env-vars` or `-x` flag when executing the assume command. You can also include the `DefaultExportAllEnvVar=true` configuration in your `~/.granted/config` to export all environment variables by default. diff --git a/docs/granted/recipes/inline-role-assumption.md b/docs/granted/recipes/inline-role-assumption.md new file mode 100644 index 0000000..f10f2c6 --- /dev/null +++ b/docs/granted/recipes/inline-role-assumption.md @@ -0,0 +1,15 @@ +# Inline Role Assumption + +## `--chain` flag + +In some edge cases, you may have roles which you have access to, but do not have a pre-configured profile. You can use the `--chain` flag to assume another role inline. This feature can be utilized in conjunction with either the `--exec` option or as part of a regular profile definition. + +``` +assume --chain arn:aws:iam::12345678912:role/aws-example --exec -- aws sts get-caller-identity +``` + +or + +``` +assume --chain arn:aws:iam::12345678912:role/aws-example +```